Once information has been properly labeled and those in an organization ensure they are handling the information as the security policy dictates, a final point is to manage the disposal of information. Just as it is the source which directs users on handling and labeling information, the security policy will also give details about disposal of information. Dumpster Diving, searching through information thrown away, is a critical problem.

No documents should simply be thrown away in the garbage. Instead paper documents should be shredded.

Even items such as floppy disks and CD-ROMs should be shredded. A lost CD-ROM may just provide all the knowledge required for a competitor to launch a similar product in the market more quickly.